Turns out it took me closer to 12 months to actually finish these system changes, but they are now live.

As of today, any remaining in-game clients attempting to access old API endpoints on "thyth.com" will fail, as they will receive HTTP 301 redirects to HTTPS. Clients that have been updated to access API endpoints on "tribesnext.thyth.com" will continue to be able to use unencrypted HTTP. As far as I can tell, the support for TLS web requests in Tribes 2 never worked correctly, so both HTTP and HTTPS are enabled on "tribesnext.thyth.com" to maintain compatibility.

With that said, anyone who has written code that targets the TribesNext browser APIs should switch from HTTP to HTTPS protocol for added security (especially since it will protect TribesNext account passwords in flight). I've updated the URLs in the documentation posts at the start of this topic accordingly.

Sarcastic, narcissistic, genius, resurrecting the game with brilliant strokes of wizardry.